NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010.


1 NIH iTrust Peter Alterman/Debbie Bucci National Institutes of Health October 2010

2 Federal Agency Business Needs
- Implement SSO across an entire agency or department
- Implement federated SSO across multiple organizations
- Reduce IT expenses associated with custom solutions
- Meet federal mandates regarding PIV/CAC
- Promote both interoperability and standards
- Align with FICAM’s IdM reference segment architecture
- Implement a turnkey solution in a timely manner

3 Federal Mandates
Mandates for Federated Authentication and Personal Identity Verification (PIV) Card and Common Access Card (CAC) across the Federal Government:
- HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Contractors”
- FIPS 201-1 “Personal Identity Verification of Federal Employees and Contractors”
- NIST SP-800-63 “Electronic Authentication Guideline”
- OMB M-04-04 “E-Authentication Guidance for Federal Agencies”
- OMB M-06-16 “Protection of Sensitive Agency Information”

4 NIH iTrust
- Enterprise web single sign-on (SSO) and federation services
- In production since 2003 (as NIH Login)
- Over 35,000 NIH users, 238 applications, 588 URLs
- Over 2.4 million transactions per day
- Supports Personal Identity Verification (PIV) Cards

5 Federated View

6 Federated Authentication at NIH
[Diagram labels: Trust framework provider; General Services Administration; Private-sector identity providers; U.S. Government websites; Assessors & auditors; Dispute resolvers; User]

7 Federated Authentication at NIH
[Diagram labels: Trust framework provider; General Services Administration; Universities; U.S. Government websites; Assessors & auditors; Dispute resolvers; User]

8 Federated Authentication at NIH
[Diagram labels: Trust Framework Provider: Federal PKI Architecture; Federal Agencies; InCommon Federation; Provider websites; Assessors & auditors; Dispute resolvers; User; U.S. Government websites]

9 Current Integration Projects
- NIH eVIP (electronic Vendor Invoicing Program)
- NIH eRA (electronic Research Administration)
- National Library of Medicine PubMed Database
- HHS Healthcare Reform Implementation Tracking Tool (HRITT)
- National Interagency Confederation for Biological Research (NICBR)

10 NIH iTrust Technology
- CA SiteMinder web access management system
  – User authentication and secure Internet SSO
  – Policy-driven authorization and federation of identities
  – Complete auditing of all access to the application
- Configuration to support SAML 1.1 and 2.0, OpenID 2.0, and X.509 (PIV and PKI) credentials
  – Cross-certified with the Federal PKI architecture
- NIH iTrust has 99.95% availability 24 x 7 x 365
  – Windows and Unix servers in the highly secure NIH Data Center in Bethesda, MD
  – Dedicated production servers and off-site failover capabilities

11 [Architecture diagram. Labels: Internet; NIH iTrust; Agency Application (without 3rd party agent); NIH Reverse Proxy; Identity Provider; NIH Assertion/Token Consumer; User Credential; SAML; OpenID; Identity Provider Listing Service; SOAP; Federation Links; Link Cache; AuthZ; HTTP Headers; Select IDP Link]

12 Collaborative SharePoint
[Diagram labels: Internet; User/Browser; Identity Provider (IdP); NIH; Idp1.nih.gov; Other IdP; idp2.theirdomain.com; Relying Party (RP); rp1.consortium.gov/site1 (IIS); rp2.consortium.gov/site2 (SharePoint 2010); rp-sts.consortium.gov (ADFS 2.0); SAML; WS-Trust; PIV Cert; NTLM; A/D]

13 Vendor Invoicing
[Diagram labels: Internet; User/Browser/Card Selector; Information Card; Identity Provider (IdP) (OIX Certified); Equifax; PayPal; Relying Party (RP); Invoice1; CCR SOA SVC; WS-Trust RST; RSTR; SAML; HTML Object Tag; WS-Security Policy]
1. User attempts to access LOA 3 Invoice1 resource.
2-4. The user authenticates to Invoice1 using their PayPal information card.
5. Invoice1 verifies the user is a trusted role using the CCR SOA service.

14 NIH iTrust Demo
- Clinical and Translational Science Awards (CTSA) Wiki
  – http://www.ctsaweb.org/federatedhome.html
- My NCBI (PubMed/Medline access)
  – http://www.ncbi.nlm.nih.gov/sites/myncbi/

15 For Further Information
Debbie Bucci
Manager, Integration Services Center
Division of Enterprise and Custom Applications
Center for Information Technology
National Institutes of Health
Debbie.Bucci@nih.gov

NIH Integration Services Center
NIHISCSupport@mail.nih.gov

